Israel is a pretty amazing country, and I was privileged to join some of our nation's top cybersecurity executives on a delegation to CyberWeek through CISOs Connect™, one of the best invitation-only societies for cybersecurity executives and practitioners. (Note: I am both a board member of CISOs Connect™ and a member of the community for nearly 5 years now)
We were really fortunate to get the opportunity to explore the country in the days leading up to CyberWeek so I wanted to share some reflections here that I think will resonate both with Cybersecurity Executives and business leaders.
Always be honest and authentic...
Our first evening in the country had us engaged in a powerful discussion with Uri Dromi - who is one of those people who has seen it all and is willing to share his experiences openly and honestly. Executives should always aim to be honest and authentic in their interactions with others, regardless of level. Mr. Dromi spoke on a number of topics, but reminded us all of the importance of being authentic in every encounter. We enjoyed great food, great conversation, in wonderful company. It was a lovely first evening in the beautiful city of Tel Aviv.
Preparation is everything...
One of the expertly designed cisterns from 10th-7th century BC
As cybersecurity executives you focus on threats which leaves little time for preparation. But it is key to make preparation a priority for your organization.
A view of the dead sea from the Masada complex.
Ours should be a proactive discipline focused on the "what if" as much as the things that are in front of us. Our trip to the Masada gave us a first-hand view into the preparation King Herrod put into food supplies there - supplies that were so well-preserved whole seeds and grains were discovered thousands of years later. CISOs have to take the time to elevate their programs from reactionary to preparatory - building a culture of awareness and preparedness across the organization.
The dead sea
The Past Informs the Present...
My favorite part of our excursion took us into Jerusalem, which was both awe inspiring and humbling. The prior day was also about history, but the weight you feel being in a place like Jerusalem, which has seen so much conflict, peace, love, and death all at the same time, is a lot to take in. Remembering that here in the states our history is a few hundred years old and history there is over 2000 it kind of takes your breath away.
We visited the Western Wall and its adjacent tunnels, the Dome of the Rock, the Church of the Holy Sepulchre, Mt. Olive, and all of the amazing shops and food markets available. We had an amazing tour guide who knew everything and told stories as if he were there. It was great to learn the kind of history you often see
Dome of the Rock
depicted on film and read about in books.
While there I felt reminded of how the past informs the present - the lesson for CISOs and tech executives being that what happened before you arrived is critical to enabling you to shape the future with any level of credibility. You'll get different sides from different people, but you have to take the time to understand it all so you can make decisions that move your organization forward. I find this is particularly difficult for CISOs who often want to start from a clean slate and find themselves spending more time phasing out past tech stacks and decisions. If Jerusalem is any indication, the more history you're aware of, the better you can be at measuring potential risk in your organizations.
The evening we attended an awesome panel discussion led by Dr. Amit Elazari who started OpenPolicy, a new platform aimed at democratizing access to intelligence in the cyber space. We enjoyed great views of the entire city, which has done such an amazing job of blending thousands of years of history with modern architectures and design.
Our "thing" doesn't work without our community...
The cyber security community is unique in that we have a very strong sense of community. People
communicate with each other, we meet with each other and collaborate often, we share ideas and work together to make the products our teams use better. There's nothing like it anywhere else in the c-suite. The next day of our delegation was focused on activities that further strengthen that community in the context of CyberWeek and the strong cyber ecosystem the Israeli government has developed.
We spoke with emerging startups from YL Ventures' impressive portfolio of innovative cybersecurity companies.
We also met with the folks at Claroty, a leading cyber security firm that produces software focused on enterprise IoT analysis and integrated vulnerability management. It's a really neat solution, but we were more enamored with their focus on providing support for the cyber security community, and their business culture which includes the pup pictured. Frankly, a CISO's job is hard enough; knowing that there are companies out there focused not just on building the next mousetrap, but making the community stronger, is extremely encouraging. CISOs should remember to well-leverage the community we have for support and be more willing to share data with each other.
Continuing with the theme of community, our delegation did a "Shark Tank" for emerging startups at CyberWeek the following day. We spoke with several emerging companies and provided them with critical feedback that I believe will help them grow and better support the cyber community. Our shark tanks operate like the one you see on the TV show by the same name. Members of the panel ask questions during and following the pitches delivered by those companies. It's a great opportunity for companies to ensure alignment with the market, while getting critical feedback that could dramatically improve their product, positioning, or functionality. IMO, every company serious about having a product that is successful and useful to the market should do one of CISOs Connect's Shark Tanks.
We visited the Carmel Market in Tel Aviv which was amazing. Believe it or not, one of the best tacos I've ever had I had in Israel...which is mind-blowing for me. We enjoyed amazing food with a great tour guide who was actually from Texas, Sam, via a company called Delicious Israel. First, as ideas go, this is a great one. And I love entrepreneurs who innovate in the spaces they're in. We enjoyed delicious food from all over the Carmel Market and got a taste of Israel and a taste of home in a setting that was exciting and vibrant. We rounded out our evening with a great rooftop reception from Greenfield Partners who has funded some of the top cybersecurity companies in the world.
Culture drives innovation...
A worthwhile thing for all executive leaders to remember, not just CISOs. Innovation is like a field. Just because there's space, you're not guaranteed to grow anything. In order to grow anything, you need great dirt. You need good irrigation, etc. Culture is what enables an innovative culture to grow and thrive. We saw this in action at the offices of Armis where a culture that drives innovation was on full display. This isn't about pinball machines and snack bars, it's about an environment where people can easily connect with one another above and beyond their everyday duties. One of the things I noticed was that at Armis everyone knew what the mission was and was aligned to it. A very rare thing to see. As CISOs we should work to inspire an innovative culture both internally and externally - internally with our teams to drive innovation solutions that manage and identify risk better, and externally with other employees to drive a security-conscious culture.
Later that day I had the honor of sharing a panel with David Cass, Chris Roberts, and Dr. Chris Demchak which was moderated by Daniel Garrie of Law and Forensics, one of the nation's top cyber law firms. We had a candid discussion about the impact of cyber on modern warfare using the Ukraine/Russia conflict as a backdrop. The conversation was excellent, the audience participation was excellent, and I had a great time. It's always important to have candid conversations when it comes to what we do as cybersecurity leaders. Sharing data points makes us all stronger, and it was great to have the opportunity to share insights with scholars, students, and other leaders at Tel Aviv University.
and just like that...
It was over. I enjoyed breakfast with a friend, walked the city and took in some additional sights, and had the opportunity to visit Yafo (pronounced Jaffa) with friends where we ate some amazing food before my flight home. So much more happened while we were there, I made so many new friends, and had experiences I will truly treasure for the rest of my life.
On the ride home I reflected on the experience the one thing that stood out to me is the strength of the CISO community. Thousands of leaders and practitioners who give 100% on a daily basis to help keep companies safe and secure. And while we hear about the outliers more often, the companies that fail to do the right thing and expose customer data as a result, the unsung heroes of our industry go unnoticed day after day. Over 10,000 people from 80 different countries came to Israel to talk about cyber security. No community comes close. We have to continue to draw from each other - there's strength in our numbers.
###
Streamlining Security in a Product Shop
The ’53-Man’ Roster for Security (Part 3 of 3)
The ’53-Man’ Roster for Security (Part 2 of 3)
The ’53-Man’ Roster for Security (Part 1 of 3)
Dear Congress, We need a privacy law.
